Debtors facing debt collection proceedings, when such measures prove effective, tend to seek protection, including legal protection. Many of them threaten the creditor with reporting them for harassment, but there are also those who wish to block debt recovery by invoking the GDPR. What issues should be borne in mind in the context of debt recovery and the GDPR?
Does the GDPR regulate debt recovery?
The introduction of the General Data Protection Regulation (GDPR) in May 2018 was intended to strengthen and harmonise the protection of personal data of European Union citizens. The GDPR applies to all personal data processing activities, including debt collection. Creditors and debt collection agencies are required to bring their operations into line with the provisions of the GDPR to ensure legal compliance and the protection of the rights of data subjects.
The GDPR imposes a number of obligations on entities processing personal data, which are designed to protect the privacy of individuals. It is worth noting, however, that these are general regulations, covering both the stage of concluding a contract, its performance, and debt collection.
In the context of debt collection in accordance with the GDPR, therefore, a business must bear in mind the general principles, i.e. the principles of lawfulness, fairness and transparency, amongst others.
Is debt collection permissible under the GDPR?
The answer to this question is clear: yes, debt collection can be carried out in accordance with the GDPR. The key requirement in this regard is compliance with the rules on the processing of personal data set out in the Regulation. Creditors should bear particular attention to the following points:
The legal basis for debt collection, i.e. the consent of the data subject or the necessity to process data for the performance of a contract to which the data subject is a party.
Transparency and information, i.e. properly informing the debtor about the processing of personal data, including the purpose of processing, the legal basis and the rights under the GDPR.
Data security, i.e. the creditor must implement appropriate technical and organisational measures to ensure the security of the personal data being processed and to protect it against unauthorised access, loss or destruction. In this regard, it is worth seeking the support of our law firm, which has implemented appropriate system solutions with the utmost care.
Is debt collection permissible under the GDPR?
The answer to this question is clear: yes, debt collection can be carried out in accordance with the GDPR. The key requirement in this regard is compliance with the rules on the processing of personal data set out in the Regulation. Creditors should bear particular attention to the following points:
- The legal basis for debt collection, i.e. the consent of the data subject or the necessity to process data for the performance of a contract to which the data subject is a party.
- Transparency and information, i.e. properly informing the debtor about the processing of personal data, including the purpose of processing, the legal basis and the rights under the GDPR.
- Data security, i.e. the creditor must implement appropriate technical and organisational measures to ensure the security of the personal data being processed and to protect it against unauthorised access, loss or destruction. In this regard, it is worth seeking the support of our law firm, which has implemented appropriate system solutions with the utmost care.
As mentioned above, data processing must be based on a specific legal basis. The debtor’s consent is not the only legal basis for processing personal data in the debt collection process. Debt collection may be based on other grounds justifying data processing, such as the necessity to perform a contract or the creditor’s legitimate interests.
In summary, debt collection in compliance with the GDPR is possible and lawful, but requires strict adherence to personal data protection rules. A creditor may continue debt collection proceedings even if the debtor withdraws their consent to the processing of personal data. However, this issue raises many questions, so if you have any further queries, please do not hesitate to contact our experts. Check https://rpms-legal.com/debt-collection/
